In yet another major ransomware attack, the Russian hacker group REvil has claimed to have stolen blueprints of Apple’s latest products. REvil infiltrated the network of Apple’s supplier Quanta, which makes MacBooks. The attack coincided with Apple’s Spring Loaded event, where the company revealed its new products.
Quanta said that it doesn’t expect any material impact on its business from the ransomware attack. In March, the REvil group was said to be behind the ransomware attack on Acer.
Below are a few comments from cybersecurity experts:
Ammar Enaya, Regional Director – METNA, Vectra AI
Like many other franchise models, REvil aspires to create a clear sense of their brand. It appears that the brand identity they are going for is large-scale extortion.
All the messages are even cloaked in language commonly used by legitimate business: buy now to get a discount, as it will cost more next week. Notwithstanding these eye-popping ransom requests, there is little evidence of large-scale payouts to the REvil group, and franchisees should be careful not to pin their financial future on the veracity of the brand identity.
Sam Curry, Chief Security Officer, Cybereason
The shocking cyberattack is a reminder that ransomware sits at the forefront of a new cyberwar that nation states are waging on western corporations and government agencies. These bold and brazen attacks are coming faster and more frequently than ever before. And with ransom demands skyrocketing from a few thousand dollars to $50 million or more, it is time for the private and public sector to put any differences aside to come together to find solutions.
Today, questions about connections with the other side are debated hotly among researchers and pundits, ranging from copyright pirates to ransomware gangs. On its face, this is a golden opportunity for a ransomware gang to get to a large population of lucrative owners. This would pay for years, filling the coffers on the dark side; and it is a reminder that no tech is immune.
However, the spectre of the Russian government in the shadows cannot be ignored because it comes at a time of cyber saber-rattling between the US and Russia. President Biden has begun sanctions and penalties for SolarWinds and election meddling, and Russia’s President Putin has puffed out his chest in response.
So, this attack on the supply chain of the largest supplier of consumer-used computing devices is not a coincidence: either REvil is benefitting indirectly from pariah policies related to cybercrime in Russia or is directly taking orders from a government, sending a message around the world to Washington. Either way, this is one to watch as the ongoing story unfolds.
Targeted ransomware attacks on large companies have become quite common, especially over the past few years. One specific attack, even on an organisation known worldwide, will not change the way things are operated. But we hope that the reaction to this trend will include the introduction of information security events monitoring; complex cybersecurity systems, including for proactive detection of attacks; and enhanced training of employees around cybersecurity rules.
The main task is to prevent the occurrence of such attacks in the future. In the aftermath of such attacks, it is important to conduct a comprehensive investigation of the incident, draw conclusions about the current vulnerabilities, and fix them. Also, in our opinion, it is important to put in place effective monitoring, and to have an action plan in case such attacks occur.
Unfortunately, purely technical protection measures are not enough – the contractor’s protection perimeter is under their jurisdiction. Manufacturers are left to impose strict information security requirements for their suppliers, as well as, for example, impose legal sanctions for such violations.